Solved: Re: How to generate a search for an exact word pat... - Page 2

danielcmarcosjr · ‎11-02-2016

Hi All,

I want to search a word in Splunk in a certain field for example "foo" and will return the following:

foo bar
only foo bar
only foo

and will not return:

foos
xfoo

somesoni2 · ‎11-02-2016

Give this a try (run anywhere search, replace everything before the where clause with your search, also replace the field1 with your field name)

| gentimes start=-1 | eval field1="foo bar#only foo bar#only foo#not foos#foox no#don't fool me" | table field1 | makemv field1 delim="#" | mvexpand field1 
| where match(field1,"(\s|^)foo(\s|$)")

View solution in original post

danielcmarcosjr · ‎11-02-2016

thanks. but it will not return result if the foo is the last word.

gokadroid · ‎11-02-2016

🙂 wow...

your search to return field1
 | regex field1="(.*(^|\s)foo(\s|\n).*)"
 | complete your search

see this please

danielcmarcosjr · ‎11-04-2016

Thanks a lot! 🙂 🙂 🙂

How to generate a search for an exact word pattern?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation